Citrix Presentation Server Client Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1018343 |
|
SecurityTracker URL: http://securitytracker.com/id/1018343
|
|
CVE Reference:
CVE-2007-3625
(Links to External Site)
|
Updated: Jul 10 2007
|
Original Entry Date: Jul 9 2007
|
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Citrix Program Neighborhood Agent for Windows prior to 10.100
|
Description:
A vulnerability was reported in the Citrix Presentation Server Program Neighborhood Agent. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that is associated with the Program Neighborhood Agent that, when loaded by the target user, will execute arbitrary code on the target user's system.
The attack involves using content redirection and a long pathname to cause the target Program Neighborhood Agent to crash or execute arbitrary code.
|
Impact:
A remote user can cause arbitrary code to be executed on the target user's system.
|
Solution:
The vendor has issued a fix (10.100).
The Citrix advisory is available at:
http://support.citrix.com/article/CTX113919
The original vendor notice is available at:
http://support.citrix.com/article/CTX113543
|
Vendor URL: support.citrix.com/article/CTX113919 (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 6 Jul 2007 18:37:54 -0400
Subject: Citrix Presentation Server Client 10.100 Fixed Issues
|
http://support.citrix.com/article/CTX113543
> Program Neighborhood Agent might exit unexpectedly. This happens when attempting to
> access a file using content redirection and the path to the file on the client
> network exceeds 200 characters in length.
|
|
